Inter-VRF-Lite routing (2/7)


Customer-to-Customer communication through HUB site

– R1 separates Customer traffic using different routing instances “vhost4”, “vhost5”

– VRF “57” reserved for traffic from CustomerA toward the common site R7.

– VRF “47” reserved for traffic from CustomerB toward the common site R7.

– VRF “45” reserved for traffic from common site toward both Customers.

– Customers communicate with each other ONLY through the common site R7.

To avoid confusion, router R7 is deployed using a separate physical router (as against virtual deployment for “Vhost5” and Vhost4 routers)

Picture: 1-2


R1 Configuration

interface Serial1/0.104 point-to-point

ip vrf forwarding vhost4

ip address 155.1.0.14 255.255.255.0

frame-relay interface-dlci 104

!

interface Serial1/0.105 point-to-point

ip vrf forwarding vhost5

ip address 155.1.0.15 255.255.255.0

frame-relay interface-dlci 105

R1-R7 communication is performed through dot1q sub-interface

interface FastEthernet2/0.45

encapsulation dot1Q 45

ip vrf forwarding 45

ip address 172.1.45.1 255.255.255.0

!

interface FastEthernet2/0.47

encapsulation dot1Q 47

ip vrf forwarding 47

ip address 172.1.47.1 255.255.255.0

!

interface FastEthernet2/0.57

encapsulation dot1Q 57

ip vrf forwarding 57

ip address 172.1.57.1 255.255.255.0

Inter-VRF communications depends on static routing from one VRF to other VRF outbound interfaces

VRF “vhost4”

ip route vrf vhost4 0.0.0.0 0.0.0.0 FastEthernet2/0.47 172.1.47.7

ip route vrf vhost4 40.0.0.0 255.255.255.0 155.1.0.4

VRF “vhost5”

ip route vrf vhost5 0.0.0.0 0.0.0.0 FastEthernet2/0.57 172.1.57.7

ip route vrf vhost5 50.0.0.0 255.255.255.0 155.1.0.5

VRF “47” receive traffic from VRF “vhost4” and forward to the HUB site

ip route vrf 47 0.0.0.0 0.0.0.0 172.1.47.7

VRF “57” receive traffic from VRF “vhost5” and forward to the HUB site

ip route vrf 57 0.0.0.0 0.0.0.0 172.1.57.7

For any traffic coming from the HUB site, customer prefixes 40.0.0.0/24 and 50.0.0.0/24 are reachable respectively through VRF “vhost4” and VRF “vhost5” outbound interfaces.

ip route vrf 45 40.0.0.0 255.255.255.0 Serial1/0.104 155.1.0.4

ip route vrf 45 50.0.0.0 255.255.255.0 Serial1/0.105 155.1.0.5

VRF routing tables on R1

R1#sh ip route vrf vhost4

Routing Table: vhost4

Gateway of last resort is 172.1.47.7 to network 0.0.0.0

155.1.0.0/24 is subnetted, 1 subnets

C 155.1.0.0 is directly connected, Serial1/0.104

40.0.0.0/24 is subnetted, 1 subnets

S 40.0.0.0 [1/0] via 155.1.0.4

S* 0.0.0.0/0 [1/0] via 172.1.47.7, FastEthernet2/0.47

R1#

R1#sh ip route vrf 47

Routing Table: 47

Gateway of last resort is not set

172.1.0.0/24 is subnetted, 1 subnets

C 172.1.47.0 is directly connected, FastEthernet2/0.47

S 0.0.0.0/0 [1/0] via 172.1.47.7

R1#

Traffic coming from customerB is forwarded to a VRF “47” outbound interface, which in turn forward traffic to R7

R1#sh ip route vrf vhost5

Routing Table: vhost5

Gateway of last resort is 172.1.57.7 to network 0.0.0.0

50.0.0.0/24 is subnetted, 1 subnets

S 50.0.0.0 [1/0] via 155.1.0.5

155.1.0.0/24 is subnetted, 1 subnets

C 155.1.0.0 is directly connected, Serial1/0.105

S* 0.0.0.0/0 [1/0] via 172.1.57.7, FastEthernet2/0.57

R1#

R1#sh ip route vrf 57

Routing Table: 57

Gateway of last resort is not set

172.1.0.0/24 is subnetted, 1 subnets

C 172.1.57.0 is directly connected, FastEthernet2/0.57

S 0.0.0.0/0 [1/0] via 172.1.57.7

R1#

Traffic coming from customerA is forwarded to a VRF “57” outbound interface, which in turn forward traffic to R7

R1#sh ip route vrf 45

Routing Table: 45

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets

S 50.0.0.0 [1/0] via 155.1.0.5, Serial1/0.105

172.1.0.0/24 is subnetted, 1 subnets

C 172.1.45.0 is directly connected, FastEthernet2/0.45

40.0.0.0/24 is subnetted, 1 subnets

S 40.0.0.0 [1/0] via 155.1.0.4, Serial1/0.104

R1#

Traffic coming from HUB site R7 is forwarded to the appropriate VRF according to the destination

R7 (HUB site) Configuration

interface FastEthernet1/0.45


encapsulation dot1Q 45

ip address 172.1.45.7 255.255.255.0

!

interface FastEthernet1/0.47


encapsulation dot1Q 47

ip address 172.1.47.7 255.255.255.0

!

interface FastEthernet1/0.57


encapsulation dot1Q 57

ip address 172.1.57.7 255.255.255.0

Traffic from VRF “vhost4” & “vhost5” on R1 converge and sent back to R1 VRF “45”

ip route 40.0.0.0 255.255.255.0 172.1.45.1

ip route 50.0.0.0 255.255.255.0 172.1.45.1

R7#sh ip route

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets

S 50.0.0.0 [1/0] via 172.1.45.1

172.1.0.0/24 is subnetted, 3 subnets

C 172.1.45.0 is directly connected, FastEthernet1/0.45

C 172.1.47.0 is directly connected, FastEthernet1/0.47

C 172.1.57.0 is directly connected, FastEthernet1/0.57

40.0.0.0/24 is subnetted, 1 subnets

S 40.0.0.0 [1/0] via 172.1.45.1

R7#


CustomerB to CustomerA

vhost#trace vrf vhost4 50.0.0.1

Type escape sequence to abort.

Tracing the route to 50.0.0.1

1 40.0.0.4 56 msec 44 msec 4 msec

2 155.1.0.14 52 msec 24 msec 12 msec

3 172.1.47.7 48 msec 20 msec 24 msec

4 172.1.45.1 28 msec 92 msec 36 msec

5 155.1.0.5 76 msec 40 msec 40 msec

6 50.0.0.1 56 msec * 208 msec

vhost#

vhost#trace vrf vhost5 40.0.0.1

Type escape sequence to abort.

Tracing the route to 40.0.0.1

1 50.0.0.5 84 msec 60 msec 8 msec

2 155.1.0.15 52 msec 12 msec 20 msec

3 172.1.57.7 76 msec 32 msec 28 msec

4 172.1.45.1 20 msec 24 msec 28 msec

5 155.1.0.4 88 msec 80 msec 52 msec

6 40.0.0.1 72 msec * 140 msec

vhost#

Picture: 1-2a illustrates how customer traffic switch from one VRF to another through router R7

Picture 1-2a: traffic flow


Back to main article

Advertisements

About ajnouri
Se vi deziras sekure komuniki eksterbloge, jen mia publika (GPG) ŝlosilo: My public key for secure communication: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41CCDE1511DF0EB8

3 Responses to Inter-VRF-Lite routing (2/7)

  1. Pingback: Inter-VRF-Lite routing « CCIE, the beginning!

  2. Steve says:

    Hi. Compliments on the great article and website in general. I have just one question – there is a static route defined on each of vrf 47 and 57, as follows –

    ip route vrf 47 0.0.0.0 255.255.255.0 172.1.47.7
    ip route vrf 57 0.0.0.0 255.255.255.0 172.1.57.7

    I note the network address of 0.0.0.0 with mask 255.255.255.0. Is this a default route? I’m confused by this network address and mask.

    Regards,
    Steve.

  3. cciethebeginning says:

    HI Steve,
    Indeed, it is meant to be a default route “0.0.0.0 0.0.0.0” That was typo I have corrected in the lab, but not in the documentation. Now it is done!
    Thank you Steve, I appreciate your contribution.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: